Okay, it looks like the crypto functions are actually pretty straightforward. As far as I can tell at this point, this is what's happening:
The public key crypto functions look like they're strictly there to support the symmetric key import/export functions. First, you import the server's public key. Then, you generate your own public key pair, the public portion of which you can then export. (This is what I believe is sent to fus in client_login.)
Then, the symmetric key import/export functions become available to import/export encrypted symmetric keys. You can import a symmetric key (that was encrypted with your public key) from the server. You can also export the symmetric key encrypted with the server's public key, which the server can then import. Or, you can just generate one with a passphrase.
Chris,
I was previously under the assumption that we could import/export "cleartext" symmetric keys, which I don't believe we can. Judging by your previous post, I think that was the assumption you were under as well.
|